X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-xmltooling.git;a=blobdiff_plain;f=xmltooling%2Fsecurity%2FCredentialResolver.h;h=68d675f11226aa7fe7f5cea3ba417b052ba44ee0;hp=a9324eee75e19582ddbcd780e2ced9df16e6812e;hb=6505807a62569ce65803b448b07a6872c6af2512;hpb=e4d3ad9286b650c25c50b1b2226d1fda5e15f6a3
diff --git a/xmltooling/security/CredentialResolver.h b/xmltooling/security/CredentialResolver.h
index a9324ee..68d675f 100644
--- a/xmltooling/security/CredentialResolver.h
+++ b/xmltooling/security/CredentialResolver.h
@@ -15,9 +15,9 @@
 */
 /**
- * @file xmltooling/signature/CredentialResolver.h
+ * @file xmltooling/security/CredentialResolver.h
 *
- * Resolves keys and certificates "owned" by an entity
+ * An API for resolving keys and certificates based on application criteria.
 */
 #if !defined(__xmltooling_credres_h__) && !defined(XMLTOOLING_NO_XMLSEC)
@@ -25,20 +25,15 @@
 #include
-#include
-#include
-#include
-
-namespace xmlsignature {
- class XMLTOOL_API KeyInfo;
-};
-
 namespace xmltooling {
+ class XMLTOOL_API Credential;
+ class XMLTOOL_API CredentialCriteria;
+
 /**
- * An API for resolving local/owned keys and certificates
+ * An API for resolving keys and certificates based on application criteria.
 */
- class XMLTOOL_API CredentialResolver : public Lockable
+ class XMLTOOL_API CredentialResolver : public virtual Lockable
 {
 MAKE_NONCOPYABLE(CredentialResolver);
 protected:
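Review bot: After this hunk the header keeps a single `#include`, while the class it declares gains a `resolve` overload that takes a `std::vector` by reference, so the header should include `<vector>` itself rather than rely on whatever the remaining include pulls in. The include names are not legible on this page, so this may already hold; if it does not, add `#include <vector>` next to the remaining include. The switch to `public virtual Lockable` is undocumented; a one-line comment on the class naming the case it is meant for (presumably implementations that combine this interface with another Lockable-derived one) would keep a later cleanup from reverting it. The class body continues outside the hunk.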
@@ -48,21 +43,23 @@ namespace xmltooling {
 virtual ~CredentialResolver() {}
 /**
- * Returns a secret or private key to use for signing or decryption operations.
- * The caller is responsible for deleting the key when finished with it.
+ * Returns a single Credential according to the supplied criteria.
 *
- * @param keyInfo optional material identifying a decryption key
- * @return a secret or private key
+ * @param criteria an optional CredentialCriteria object
+ * @return a Credential, or NULL if none could be found
 */
- virtual XSECCryptoKey* getKey(const xmlsignature::KeyInfo* keyInfo=NULL) const=0;
-
+ virtual const Credential* resolve(const CredentialCriteria* criteria=NULL) const=0;
+
 /**
- * Returns a set of certificates to publish during signing operations.
- * The certificates must be cloned if kept beyond the scope of a lock.
+ * Returns all matching Credentials according to the supplied criteria.
 *
- * @return a set of certificates
+ * @param results array to store matching Credentials
+ * @param criteria an optional CredentialCriteria object
+ * @return number of credentials found
 */
- virtual const std::vector& getCertificates() const=0;
+ virtual std::vector::size_type resolve(
+ std::vector& results, const CredentialCriteria* criteria=NULL
+ ) const=0;
 };
 /**
@@ -70,7 +67,7 @@ namespace xmltooling {
 */
 void XMLTOOL_API registerCredentialResolvers();
- /** CredentialResolver based on local files */
+ /** CredentialResolver based on local files with no criteria support. */
 #define FILESYSTEM_CREDENTIAL_RESOLVER "File"
 };
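Review bot: The doc comments on both new `resolve` overloads drop the ownership and lifetime statements that the removed `getKey`/`getCertificates` comments carried (caller deletes the key; certificates must be cloned if kept beyond the scope of a lock), so a caller cannot tell whether the returned `const Credential*` may be deleted or how long it stays valid. For key material that ambiguity tends to end in a leak or in a pointer used after the resolver has changed underneath it, so state the contract explicitly, e.g. add `* The returned Credential remains owned by the resolver and must not be used after the lock is released.` if that is the intended rule (it is not visible in this hunk). The vector overload should also say whether `results` is appended to or cleared first, and the single-result overload which credential is returned when several match. Since `criteria` defaults to NULL, the comment should say what an unfiltered call returns, and callers should treat a NULL result as a failure rather than continuing with some other key.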